#!/bin/posh
# shellcheck disable=1003,1091,2006,2016,2034,2039
# vim: set ts=2 sw=2 sts=2 fdm=marker fmr=#(,#) et:
#
# doc:
#
#  Copy this file to a new one with the same name of the cve to test, all in
# lowercase (i.e.: cve-2014–6271.sh).
#  Then add the code for the functions shown here. **ALL** functions must appear
# in the new created file, however the ones marked as 'optional' can be left
# with the same code than in 'skel.sh'. Inside the function, declare all the
# variables as 'local' (i.e.: local vuln_version="1.2.3")
#
#  NOTE: You can use here, functions and variables implemented in 'lse.sh':
#   * lse_get_pkg_version: Get package version supplying package name
#   * lse_is_version_bigger: Check if version in $1 is bigger than the $2
#   * $lse_arch: System architecture
#   * $lse_distro_codename: The linux distribution code name (ubuntu, debian,
#      opsuse, centos, redhat, fedora)
#   * $lse_linux: Kernel version
#   * Colors
#  XXX: Check the definitions in 'lse.sh' to better understand what they do and
#       how they work
#
################################################################################
## RULES:
##  * Do NOT cause any harm with the tests
##  * Try to be as accurate as possible, trying to detect patched versions from
##    distro package versions. Try to minimize false positives.
##  * The script must be POSIX compliant. Test it with 'posh' shell.
################################################################################


# lse_cve_level: 0 if leads to a privilege escalation; 1 for other CVEs
lse_cve_level=0

# lse_cve_id: CVE id in lowercase (i.e.: cve-2014–6271)
lse_cve_id="cve-2021-3156"

# lse_cve_description: Short. Not more than 52 characters long.
#__________________="vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv"
lse_cve_description="Sudo Baron Samedit vulnerability"

# Code retrieved with 'declare -f' by the packaging bash script
lse_cve_test() { #(
  local vulnerable=false
  local sudo
  local sudo_version
  local v2
  local package_version
  local package_fixed
  local distro_release
  sudo="$(command -v sudo)"
  if [ -n "$sudo" ]; then
    vulnerable=true
    sudo_version="$(sudo --version | head -n1 | cut -d ' ' -f 3)"
    v2="$(echo "$sudo_version" | cut -d. -f2)"
    package_version="$(lse_get_pkg_version sudo)"
    # only 1.8.2 to 1.8.31p2 is vulnerable
    if lse_is_version_bigger 1.8.2 "$sudo_version"; then
      exit 1
    fi
    if [ "$v2" = 8 ] && lse_is_version_bigger "$sudo_version" 1.8.31p2; then
      exit 1
    fi
    # only 1.9.0 to 1.9.5p1 is vulnerable
    if lse_is_version_bigger "$sudo_version" 1.9.5p1; then
      exit 1
    fi
    case "$lse_distro_codename" in
      debian|ubuntu)
        [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_CODENAME=' /etc/os-release | cut -f2 -d=)
        case "$distro_release" in
          stretch)
            package_fixed="1.8.19p1-2.1+deb9u3"
            ;;
          buster)
            package_fixed="1.8.27-1+deb10u3"
            ;;
          precise)
            package_fixed="1.8.3p1-1ubuntu3.10"
            ;;
          trusty)
            package_fixed="1.8.9p5-1ubuntu1.5+esm6"
            ;;
          xenial)
            package_fixed="1.8.16-0ubuntu1.10"
            ;;
          bionic)
            package_fixed="1.8.21p2-3ubuntu1.4"
            ;;
          focal)
            package_fixed="1.8.31-1ubuntu1.2"
            ;;
          groovy)
            package_fixed="1.9.1-1ubuntu1.1"
            ;;
        esac
        ;;
      redhat)
        [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_ID=' /etc/os-release | cut -f2 -d=)
        case "$distro_release" in
          6.*)
            package_fixed="1.8.6p3-29.el6_10.4"
            ;;
          7.2)
            package_fixed="1.8.6p7-17.el7_2.3"
            ;;
          7.3)
            package_fixed="1.8.6p7-23.el7_3.3"
            ;;
          7.4)
            package_fixed="1.8.19p2-12.el7_4.2"
            ;;
          7.6)
            package_fixed="1.8.23-3.el7_6.2"
            ;;
          7.7)
            package_fixed="1.8.23-4.el7_7.3"
            ;;
          7.*)
            package_fixed="1.8.23-10.el7_9.1"
            ;;
          8.1)
            package_fixed="1.8.25p1-8.el8_1.2"
            ;;
          8.2)
            package_fixed="1.8.29-5.el8_2.1"
            ;;
          8.*)
            package_fixed="1.8.29-6.el8_3.1"
            ;;
          *)
            lse_is_version_bigger "$distro_release" 8 && exit 1
            ;;
        esac
        ;;
      amzn)
        [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_ID=' /etc/os-release | cut -f2 -d= | tr -d '"')
        case "$distro_release" in
          1)
            package_fixed="1.8.23-9.56.amzn1"
            ;;
          2)
            package_fixed="1.8.23-4.amzn2.2.1"
            ;;
        esac
        ;;
    esac
    if [ -n "$package_fixed" ] && [ -n "$package_version" ] && ! lse_is_version_bigger "$package_fixed" "$package_version"; then
      exit 1
    fi
  fi
  $vulnerable && echo "Vulnerable! sudo version: ${package_version:-$sudo_version}"
} #)

# Uncomment this line for testing the lse_cve_test function
#lse_NO_EXEC=true . ../lse.sh ; lse_cve_test
